Changes to the time
■
The minimum data recorded for each event includes:
Date and time of the event
■
Type of event
■
Who caused the event
■
Outcome of the event (success or failure)
■
Audit Classes
Audit classes are categories for grouping and sorting audit events. The server
provides a predefined set of audit classes, for example, log-in events and service-
related events. You cannot define additional audit classes or change the events in a
class. See the setaudit(8) man page for a list of audit classes.
Audit Policy
Audit policy determines how the auditing feature is implemented at your site. You
can configure the following aspects of auditing:
Whether it is enabled or disabled
■
Types of event that are audited
■
Which users have their events audited
■
Remote directories for storing audit records
■
Threshold of local capacity at which a warning is issued
■
Action when both audit partitions are full
■
The default audit policy is as follows:
Auditing is enabled
■
Records are dropped and counted when the audit trail is full
■
All events are enabled for auditing
■
Global user audit policy is set to enabled
■
Per-user audit policy for all users is set to default (that is, enabled)
■
Audit warning thresholds are set at 80 percent and 100 percent full
■
Email warnings are disabled
■
Chapter 5
Audit Configuration
73